Share via


WebGL: An insecure standard, seriously, don’t use this right now (WebGL: 不安全的标准,严重的是,不要使用此现在)

When building games you need to be aware of causing your end users to be put in a condition of risk. 

Microsoft goal is to be a standards based design shop, but some standards are not secure, so what to do?  I don’t know, but I am not paid to make those kinds of decisions.  Today, while researching for my blog (yes I actually do research), I thought that the WebGL was pretty cool.  Chrome supports it, and IE 9 doesn’t, which makes for an awesome article tension.  Yeah, I am a fanboy, no doubt, but let’s face it, would I have as much fun picking on Apple Safari? No I wouldn’t.   However, in other blogs I do enjoy picking on the insecurity of the OS X.

Turns out that WebGL is insecure, and especially in Chrome, see (this has 6 vulnerabilities as of 5/19/2011)

https://web.nvd.nist.gov/view/vuln/search-results?query=WebGL&search_type=all&cves=on

Here is how the attack works, see: https://www.contextis.com/resources/blog/webgl/ for more information.

Of course, the web browser that they are talking about here is Chrome.

webglimg